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this data being transmitted to the user of the system. However, this solution 
has the drawback, among others, that the access to same logical records 
cannot be controlled according to different users, or only with difficulty. Thus 
information cannot be user-specifically handled e.g. already before filtering, 
which does not allow for any technically sensible solution, in particular with 
respect to data security, etc. 

The publication US 2002/0143961 discloses a system for 
management of user profiles described in which the user profiles are stored in a 
central storage. Different service providers can access these centrally stored 
and administered user profiles or specific data contained therein, whereby the 
expenditure in human labor can be reduced and the consistency of the data 
improved. By means of an access protocol, clients can generate the user 
profiles, administer them, and access them via a network. The described 
system solves only the problem of management of user profiles, however, 
without making possible generation of user-specific data within the framework 
of an offered service. 

Described the publication US 2003/0084184 is a communication 
system for monitoring and control of communication time and/or communication 
costs, the user being informed about the used and/or still remaining 
communication time, and communication being interrupted after the limit value 
has been reached. Communication between the client and the host system is 
established via a Virtual Session Manager (VSM). The quantity of information 
exchanged between the mobile client and the host system is decreased 
considerably, whereby costs for the user are reduced. However this document 
also does not disclose any user-specific generation of data and/or programs. 

It is an object of this invention to propose a new system and method 
for automated generation of access-controlled, personalized data and/or 
programs which do not have the above-mentioned drawbacks of the state of 
the art. In particular, a simple and rational automated system and method 
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should be proposed for generating data simply and user-specifically 
(personalized data), administering said data and putting it at the disposal of the 
respective user. 

This object is achieved according to the present invention in 
particular through the elements of the independent claims. Further preferred 
embodiments follow moreover from the dependent claims and from the 
specification. 

In particular these objects are achieved through the invention in that 
a user accesses a central unit via a network by means of a communication 
device, and access-controlled data and/or programs are transmitted to at least 
one communication device, logical records being generated with data elements 
divided according to authorization classes and being stored in at least one 
source database, the user being identified by the central unit and an 
authorization class being assigned to the user by means of a user database, 
access request data for access to the logical records of the at least one source 
database being transmitted from the communication device via the network to 
the central unit, and the personalized, access-controlled data and/or programs 
being generated by means of a filter module of the central unit based on the 
authorization class of the user and the access request data. For generating the 
personalized data the central unit can comprise e.g. a HTML (Hyper Text 
Markup Language) and/or HDML (Handheld Device Markup Language) and/or 
WML (Wireless Markup Language) and/or VRML (Virtual Reality Modeling 
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one communication device 20, ...,24. The networl< 30/31 can comprise a 
communication network, such as e.g. a GSIVI or a UIVtTS network, or a satellite- 
based mobile radio network, and/or one or more fixed networks, for example 
the public switched telephone network, the worldwide Internet or a suitable LAN 
(Local Area Network) or WAN (Wide Area Network). In particular it also 
comprises ISDN and XDSL connections. The connection between receiving 
device 20,.,., 24 and central unit 40, however, can also take place via different 
data channels and not just direct via the described communication networks 
30/31 . The data can be transmitted e.g. between the receiving device 20,. ..,24 
and the central unit 40 via an interface (e.g. a wireless interface, such as an 
infrared interface or Bluetooth) to a data terminal, and from the data terminal 
via a communication network, or by means of a removable chipcard of the 
receiving device 20,. ..,24, which card is inserted in a data terminal, via this data 
terminal and a communication network 30/31 to the central unit 40. In the 
preferred embodiment variant, however, the receiving device 20,... ,24 and the 
central unit 40 each comprise a communications module. By means of the 
communications module data can be exchanged over the communication 
network 30/31 . As already mentioned, the communication network 30/31 
comprises, for example, a mobile radio network, for instance a GSM, GPRS or 
UMTS network, or another, e.g. satellite-based mobile radio network, or a fixed 
network, for instance an ISDN network, the public switched telephone network, 
a TV or radio cable network, or an IP network (Internet Protocol). In particular, 
in receiving devices 20, ...,24 designed as mobile devices the communications 
module comprises a mobile radio module for communication via a mobile radio 
network 31 and/or WLAN. Understood by access-controlled data and/or 
programs are, for example, among other things, digital data such as texts, 
graphics, pictures, maps, animations, moving pictures, video, QuickTime, 
sound recordings, programs (software), program-accompanying data and 
hyperlinks or references to multimedia data. Also belonging thereto are e.g. 
MPx (MP3) or MPEGx (MPEG4 or 7) standards, as defined by the Moving 
Picture Experts Group. The communication device 20,... ,24 of the user can be, 
for example, a PC (Personal Computer), TV, PDA (Personal Digital Assistant) 
or a mobile radio device (in particular e.g. in combination with a broadcast 
receiver). The logical records 421, ...,423 are generated with data elements 
421 1,... ,4214 divided according to authorization classes and are stored in at 
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Claims 



1 . A method of automated generation and of making available of 

access-controlled, personalized data and/or programs, a user (10 14) 

accessing a central unit (40) via a network (30/31 ) by means of a 

5 communication device (20,. ..,24) and the access-controlled, personalized data 
and/or programs being transmitted to at least one communication device 
(10,. ..,14), wherein 

logical records (421,. ..,423) are generated having data elements 
(421 1 ,...,4214) divided according to authorization classes and are stored in at 
10 least one source database (42), 

the user (10,... ,14) is identified by the central unit (40), an 
authorization class being assigned to the user (10,..., 14) by means of a user 
database (45), 

access request data for access to the logical records (421 ,...,423) of 
15 the at least one source database (42) are transmitted from the communication 
device (20,. ..,24) via the network (30/31) to the central unit (40), 

the access-controlled, personalized data and/or programs are 
generated by means of a filter module (41) of the central unit (40) based on the 
authorization class of the user (10,... ,14) and on the access request data, and 
20 are made available to the user (10, 14) in an accessible way. 

2. The method according to claim 1, wherein determined by means 
of the access request data of the user (10,. ..,14) is to which user and/or user 
groups the personalized, access-control data and/or programs are transmitted. 

3. The method according to one of the claims 1 or 2, wherein the 
25 data are filtered according to the authorization class of the respective user 
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(10,.,. ,14) by means of an additional filter module of the communication device 
(20 24). 

4. The method according to one of the claims 1 to 3, wherein 
clearing data are transmitted from the central unit (40) to a clearing module 
(43), which clearing data contain billing data for said access to the access- 
controlled, personalized data and/or programs. 

5. The method according to one of the claims 1 to 4, wherein a user 
profile is created based on the respective user behavior and is stored assigned 
to the user (10,... ,14), the access-controlled, personalized data and/or 
programs being generated and/or optimized at least partially based on the user 
profile. 

6. The method according to one of the claims 1 to 5, wherein the 
access-controlled, personalized data and/or programs are stored in a 
permanent data store (46) of the central unit (40) accessible to the user 
(10 14), 

7. The method according to one of the claims 1 to 6, wherein stored 
in the user profile are user-specific data about network features and/or data 
about hardware characteristics of the communication device of the user 

(10, ...,14) and/or data about user behavior. 

8. The method according to one of the claims 1 to 7, wherein 
different user profiles for different communication devices (20,. ..,24) are stored 
assigned to the user (10,. ..,14). 

9. The method according to one of the claims 1 to 8, wherein the 
access request data are transmitted to the central unit (40) over a first 
bidirectional communication channel, the user (10,... .14) being identified, and 
the access-controlled, personalized data and/or programs are transmitted to the 
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communication device (20,. ..,24) in an encrypted manner and unidirectionally 
over a second communication channel. 

10. The method according to claim 9, wherein the first bidirectional 
communication channel comprises at least a mobile radio network (31) and/or 
the second unidirectional communication channel comprises at least a 
broadcast transmitter. 

1 1 . The method according to one of the claims 1 to 10, wherein 
HTML and/or HDML and/or WML and/or VRML and/or ASD are used for 
generating the personalized data. 

12. A system for automated generation and for making available of 
access-controlled, personalized data and/or programs, which system comprises 
a central unit (40), at least one source database (42) and a plurality of user 
units (20,. ..,24), the access-controlled, personalized data and/or programs 
being transmittable by means of a network (30/31) from the central unit (40) to 
the user units (20,. ..,24), wherein 

the at least one source database (42) contains logical records 
(421,.. .,423) having data elements (4211,.. .,4214) divided according to 
authorization classes, 

the system comprises an identification module (44) with a user 
database (45), in which an authorization class is stored assigned to each user 
(10,...,14), 

the central unit (40) comprises a filter module (41 ), by means of 
which the access-controlled, personalized data and/or programs are able to be 
generated based on the authorization class of a user (10,..., 14) and based on 
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access request data transmitted by means of the user unit (20,. ,.,24), and are 
able to be made available to the user (10 14) in an accessible way. 

13. The system according to claim 12, wherein the access request 
data of the user (10,. ..,14) contain destination data with which it is definable to 
which user and/or user classes the access-controlled, personalized data and/or 
programs are to be transmitted. 

14. The system according to one of the claims 12 or 13, wherein the 
communication device (20,. ..,24) further comprises a filter module to filter the 
data according to the authorization class of the respective user (10,. ..,14). 

15. The system according to one of the claims 12 to 14, wherein the 
central unit (40) comprises a clearing module (43) for generating clearing data, 
which clearing data contain billing data for said access to the access-controlled, 
personalized data and/or programs. 

16. The system according to one of the claims 12 to 15, wherein the 
central unit (40) contains a user profile stored assigned to the user (10,.. .,14), 
the access-controlled, personalized data and/or programs being generated 
and/or optimized at least partially based on the user profile. 

17. The system according to one of the claims 12 to 16, wherein the 
central unit (40) comprises a permanent data store (46), in which the access- 
controlled, personalized data and/or are stored in a way accessible to the user 
(10,...,14). 

18. The system according to one of the claims 12 to 17, wherein the 
user profile comprises user-specific data about network features and/or data 
about hardware characteristics of the communication device of the user 
(10...., 14) and/or data about user behavior. 

19. The system according to one of the claims 12 to 18, wherein the 
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central unit (40) comprises different user profiles for different communication 
devices (20,. ..,24) of the user (10,.. .,14). 

20. The system according to one of the claims 12 to 19, wherein the 
system comprises a first bidirectional communication channel for transmitting 
the access request data to the central unit (40) and a second communication 
channel, the user (10,...,14) being identifiable via the first bidirectional 
communication channel, and the access-controlled, personalized data and/or 
programs are transmittable to the communication device (20,. ..,24) in an 
encrypted manner and unidirectionally over the second communication 
channel. 

21 . The system according to claim 20, wherein the first bidirectional 
communication channel comprises at least a mobile radio network (31) and/or 
the second unidirectional communication channel comprises at least a 
broadcast transmitter. 

22. The system according to one of the claims 12 to 21 , wherein the 
system comprises a data module for generating personalized data in HTML 
and/or HDML and/or WML and/or VRML and/or ASD format. 
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